• Home
  • Cortex XDR by Palo Alto Networks vs. Mandiant Advantage

Cortex XDR by Palo Alto Networks vs Mandiant Advantage comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Defender XDR
Read 80 Microsoft Defender XDR reviews
6,230 views|4,702 comparisons
97% willing to recommend
Palo Alto Networks Logo
Cortex XDR by Palo Alto Networks
Read 80 Cortex XDR by Palo Alto Networks reviews
12,044 views|6,654 comparisons
94% willing to recommend
Mandiant Logo
Mandiant Advantage
Read 3 Mandiant Advantage reviews
980 views|626 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Cortex XDR by Palo Alto Networks vs. Mandiant Advantage
May 2024
Executive Summary

We performed a comparison between Cortex XDR by Palo Alto Networks and Mandiant Advantage based on real PeerSpot user reviews.

Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Cortex XDR by Palo Alto Networks vs. Mandiant Advantage Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
Krzysztof Jóźwiak
Helps stop the lateral movement of advanced attacks, provides unified identity and access management
Microsoft Defender XDR provides unified identity and access management. Microsoft Defender XDR can extend beyond to cover more than just Microsoft... Read more →
MartinPulpan
Good features, strong protection, and very scalable and stable
Clients have a big problem with phishing campaigns and phishing attacks. Cortex XDR provides some level of protection against malware spreading in... Read more →
Joshua Garnett
It gives us peace of mind that issues can be addressed when our core IT team isn't working
Mandiant gives us peace of mind that their SOC will resolve issues when our core IT team is not online.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing.""The product is very easy to use.""We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks.""The integration, visibility, vulnerability management, and device identification are valuable.""I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender.""I have found the ability to delete unwanted threats beneficial.""The summarization of emails is a valuable feature.""The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."

More Microsoft Defender XDR Pros →

"The user interface of the solution is sophisticated and straightforward.""The product has an intuitive dashboard.""The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.""It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application.""The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions.""The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week.""The most valuable feature is that you can select remote access of any machine for sandboxing.""The product's most valuable features are massive user and feature intelligence exploit detection."

More Cortex XDR by Palo Alto Networks Pros →

"The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats.""It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far.""The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a formum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."

More Mandiant Advantage Pros →

Cons
"The management and automation of the cloud apps have room for improvement.""The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete.""At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times.""The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging.""The licensing is a nightmare and has room for improvement.""At times, there may be delays in the execution of certain actions and their effects.""Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR.""Stability could be improved by avoiding frequent changes to the interface."

More Microsoft Defender XDR Cons →

"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access.""Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it.""The price could be a little lower.""The playbooks could be improved to include more functionalities or actions.""In general, the price could be more competitive.""The solution should offer more dashboards and they should be better customized.""Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.""The solution should force customers to integrate with network traffic to see the full benefits of XDR."

More Cortex XDR by Palo Alto Networks Cons →

"Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client.""They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful.""I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."

More Mandiant Advantage Cons →

Pricing and Cost Advice
  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."

    • More Microsoft Defender XDR Pricing and Cost Advice →

  • "I feel it is fairly priced."
  • "The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
  • "We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
  • "It is "expensive" and flexible."
  • "Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
  • "I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
  • "It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
  • "The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."

    • More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →

    Information Not Available
    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Microsoft 365 Defender?
    Top Answer:Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and… more »
    Read all 41 answers   →
    What is your experience regarding pricing and costs for Microsoft 365 Def...
    Top Answer:Microsoft Defender XDR is expensive, especially for the full suite functionality. However, when compared to buying… more »
    Read all 31 answers   →
    What needs improvement with Microsoft 365 Defender?
    Top Answer:Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR. Additionally… more »
    Read all 40 answers   →
    Cortex XDR by Palo Alto vs. Sentinel One
    Top Answer:Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks.… more »
    Read all 3 answers   →
    Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
    Top Answer:Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that… more »
    How is Cortex XDR compared with Microsoft Defender?
    Top Answer:Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface… more »
    What do you like most about Mandiant Advantage?
    Top Answer:The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to… more »
    Read all 2 answers   →
    What needs improvement with Mandiant Advantage?
    Top Answer:I think that the data query that is used for data cloud language should be improved. It's really hard to query actual… more »
    Read all 2 answers   →
    What is your primary use case for Mandiant Advantage?
    Top Answer:Our primary use case was monitoring the threat actors that our clients were concerned about. We also used Mandiant… more »
    Read all 2 answers   →
    Comparisons
    Also Known As
    Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
    Cyvera, Cortex XDR, Palo Alto Networks Traps
    Mandiant Threat Intelligence
    Learn More
    Microsoft
    Palo Alto Networks
    Mandiant
    Overview

    Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

    It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

    Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

    Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

    Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.

    Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue or an area where an issue could potentially take place the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.

    Benefits of Cortex XDR

    Some of Cortex XDR’s benefits include:

    • The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
    • The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
    • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.

    Reviews from Real Users

    Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

    PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

    Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”



    Mandiant Advantage is a multi-vendor XDR platform that provides security teams of all sizes with frontline intelligence. Mandiant Advantage aims to speed up operational as well as strategic security and risk decision making. Mandiant Advantage provides security teams with an early knowledge advantage through the Mandiant Intel Grid, which provides platform modules with current and relevant threat data and analysis capabilities. Organizations are better protected from cyber attacks and more confident in their readiness when they have access to continuous security validation, detection, and response.

    Mandiant Advantage Features

    Mandiant Advantage has many valuable key features. Some of the most useful ones include:

    • Threat intelligence: Front-line intelligence that enables a defender to be aware of the strategies and tactics that opponents are employing at this moment. Organizations will be able to contextualize, prioritize, and implement the most pertinent new intelligence by fusing ASM and threat intelligence.
    • Security validation: This allows security teams to optimize, rationalize, and prioritize their security activities from a budget and manpower viewpoint. It measures the effectiveness of security controls applied within an organization. Controls can be evaluated against the most recent TTPs actively used by threat actors by incorporating information into the security validation procedure. Organizations can determine whether their security policies are successfully thwarting or detecting attacks against their external attack surface by integrating ASM and security validation.
    • Automated Defense: In order to fuel SOC event/alert correlation and triage, Automated Defense combines knowledge and intelligence with machine learning. This is similar to integrating a machine-based Mandiant analyst into your security program. By merging ASM and Automated Defense, more context is given to Automated Defense, enhancing the relevance and usefulness of alarms.
    • Attack surface management: ASM offers a continuous, scalable method for locating hundreds of different asset and exposure types within on-premises, cloud, and SaaS application environments. In addition to assets being found, technologies in use are also identified, and vulnerabilities are confirmed rather than just speculated. Cyber defenders are able to effectively and efficiently limit their external exposures by integrating the full Mandiant Advantage suite into ASM, which prioritizes and validates the information regarding the attack surface.

    Mandiant Advantage Benefits

    There are many benefits to implementing Mandiant Advantage. Some of the biggest advantages the solution offers include:

    • Boost your current security investments: No matter what security policies you have implemented, you may improve your security capabilities by automating Mandiant's expertise as a virtual extension of your team.
    • Improve your visibility and priority: View the threats Mandiant is continuously monitoring across your attack surface and internal controls in order to prioritize and drive focus.
    • Flexible deployment: Depending on your needs, Mandiant Advantage can be supplied as technology, along with support, or as a fully managed contract.
    • Scale efficiently: Without the need for time-consuming and expensive human labor, a SaaS-based strategy deploys in hours, scales with your environment, and provides constant expert analysis.
    Sample Customers
    Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
    CBI Health Group, University Honda, VakifBank
    Stater Bros. Markets, Rush Copley, Blackboat, CapWealth
    Top Industries
    REVIEWERS
    Manufacturing Company16%
    Computer Software Company16%
    Financial Services Firm12%
    Government9%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm10%
    Government8%
    Manufacturing Company8%
    REVIEWERS
    Computer Software Company17%
    Financial Services Firm13%
    Security Firm9%
    Government7%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Government8%
    Financial Services Firm8%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company13%
    Government9%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business40%
    Midsize Enterprise24%
    Large Enterprise36%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise18%
    Large Enterprise56%
    REVIEWERS
    Small Business41%
    Midsize Enterprise22%
    Large Enterprise37%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise19%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise16%
    Large Enterprise67%
    Buyer's Guide
    Cortex XDR by Palo Alto Networks vs. Mandiant Advantage
    May 2024
    Free Report: Cortex XDR by Palo Alto Networks vs. Mandiant Advantage
    Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Mandiant Advantage and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Mandiant Advantage is ranked 20th in Extended Detection and Response (XDR) with 3 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Mandiant Advantage is rated 8.6. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Mandiant Advantage writes "It gives us peace of mind that issues can be addressed when our core IT team isn't working". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiEDR, whereas Mandiant Advantage is most compared with CrowdStrike Falcon, Cortex Xpanse, Cymulate, Microsoft Defender External Attack Surface Management and ThreatConnect Threat Intelligence Platform (TIP). See our Cortex XDR by Palo Alto Networks vs. Mandiant Advantage report.

    See our list of best Extended Detection and Response (XDR) vendors.

    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.